Re: Squid ssl_bump always makes outbound connection

Thanks for testing.

I didn’t get to this level yet…

I am trying to test a couple of aspects, but I believe that this step is so fast that I didn’t notice it even there.

 

Thanks,

Eliezer

 

----

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

 

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Eric Lackey
Sent: Saturday, August 25, 2018 5:36 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Squid ssl_bump always makes outbound connection

 

Using squid-4.2-1.el7.x86_64

 

I'm looking at ways to optimize Squid when using ssl_bump. We use the peek & splice approach now and it works pretty well. 

 

While running some tests, I noticed that Squid always makes an outbound connection to the remote server regardless of when I terminate the connection. I'm trying to build a configuration that denies traffic immediately if the client SNI header doesn't match without making a connection to the remote host.

 

Here is a very simple configuration that should terminate all connections after step1. The connection is terminated, but by running a tcpdump at the same time, I see that Squid still makes an outbound connection.

 

acl step1 at_step SslBump1
ssl_bump terminate step1

 

I would expect that if I terminate after step1, the connection to the remote server should never be made. Can anyone help me understand why Squid would still make the outbound connection in this instance? 
